Major New OpenSSL Released | Malware Uses Novel Fileless Technique to Evade Detection

[TechWeb]( Follow Dark Reading: [RSS]( September 09, 2021 LATEST SECURITY NEWS & COMMENTARY [Major New OpenSSL Released]( A key part of the cryptographic infrastructure of the Internet, OpenSSL has turned 3.0, but rival Rust-based TLS, Rustls, promises to head off future security vulnerabilities. [New Malware Uses Novel Fileless Technique to Evade Detection]( PRIVATELOG and its installer STASHLOG first to use Common Log File System to stash secondary payload, Mandiant researchers say. [Attackers Moving Faster Inside Target Networks]( Criminals begin moving laterally inside a target network within 92 minutes of gaining access and demonstrate new stealthy capabilities, a new report shows. [Cybercriminals See Bountiful Harvest in Food Supply Chain]( Agriculture and food companies are seeing increased attacks from ransomware groups targeting the industry, prompting the DoJ and security firms to issue warnings. [The Great Payment Debate: How to Evaluate Your Ransomware Response]( With ransomware attacks on the rise, all organizations must assume they will eventually be a target and start putting prevention and mitigation strategies in place now. [I Moved to Cybersecurity After a Decade in Finance — Here's How You Can Too]( The cybersecurity industry needs employees with nontraditional backgrounds who can offer fresh perspectives. Here are tips for making a career switch to this growing and exciting field. [Hackers Shut Down a Pipeline. How Should the Energy Sector Respond?]( With all eyes on cybersecurity, the energy and utilities industries are adopting zero-trust frameworks. Here are three key steps to implementing zero trust for critical industries. [Back to School Pivots to Hack the School]( Any state with a vibrant economy — and schools — should be considered big targets for ransomware attackers. [Microsoft Windows Zero-Day Under Attack]( Microsoft has published mitigations and workarounds for a remote code execution vulnerability in MSHTML. [Faced with COVID Challenges, Enterprises Increase Security Spending]( Joint survey from Dark Reading and Omdia finds security spending went up amid COVID, but many organizations still feel their risk mitigation efforts fell short. [Ragnar Locker Threatens to Leak Data if Victims Contact Authorities]( The ransomware group says it will leak victims' stolen data if they seek help from law enforcement or data encryption experts. [CISA Releases Zero Trust Maturity Model for Public Comment]( The maturity model was drafted in June to help federal agencies comply with an executive order and is now ready for feedback. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [DDoS Attacks Hitting Victims in High-Bandwidth 'Bursts']( The volume of traffic harnessed by attackers has grown steadily over the years, with distributed denial-of-service attacks regularly topping hundreds of gigabytes per second. [What Does a Virtual CISO Do, and When Should an Org Have One?]( Organizations can turn to a virtual CISO to build a tailored security strategy; they don't need to wait till they have an in-house security leader. [Top 6 Breaches In the Last 20 Years That Reshaped Cybersecurity]( History is a great teacher, especially in the cybersecurity industry. [MORE]( EDITORS' CHOICE [Translated Ransomware Playbook Gives Rare Insight into Gang's Operation]( A purported playbook for working with the Conti ransomware group shows that even cybercriminals need dead-simple instructions to navigate complex attacks, experts say. [Ransomware Attacks: Why the FBI's Numbers Don't Add Up]( The data shared by the FBI doesn't reflect some of the major attacks this year. For the sake of everyone, that is an issue that needs to be addressed. LATEST FROM THE EDGE [Edge Chat with Cisco Secure's TK Keanini on Achieving Better Security Outcomes]( The latest installment of Edge Chats focuses on how security teams can achieve better security outcomes with an open platform. Tech Resources - [Zero Trust and the Power of Isolation for Threat Prevention]( - [Digital Transformation and Data Security]( - [The Transition to Empowered Enterprise Authentication]( - [A Pragmatic Path to SASE]( - [2021 Cyberthreat Defense Report]( - [World Wide Technology: Digital Transformation Customer Journey]( - [Five Reasons to Protect your VPN with Multi-Factor Authentication]( [ACCESS TECH LIBRARY NOW]( - [Detecting and Stopping Online Attacks]( Today's cyber attackers can compromise your systems using a variety of methods, from well-disguised malware to sophisticated, targeted exploits aimed right at your company. How can you identify these attacks quickly and respond effectively? In this Dark Reading webinar, top ... - [Security Alert Fatigue: How to Wake Up and Take Back Control of your SOC]( In this webinar, learn expert tips on how to improve your processes and use orchestration to relieve security alert fatigue, get the most out of your security investments and improve your cyber incident response. [MORE WEBINARS]( FEATURED REPORTS - [Enterprise Cybersecurity Plans in a Post-Pandemic World]( As the COVID-19 pandemic eases, IT security threats and the challenges involved in responding to them are trending upward. Security leaders expect that cyberattacks like ransomware, phishing, and malware will increase even as the pandemic eventually recedes. Download the Dark ... - [The State of Malware Threats]( [MORE REPORTS]( CURRENT ISSUE [Enterprise Cybersecurity Plans in a Post-Pandemic World]( [DOWNLOAD THIS ISSUE]( [SUBSCRIBE NOW]( [BACK ISSUES]( | [MUST READS]( | [TECH DIGEST]( PRODUCTS & RELEASES [Commvault Adds New Ransomware Protection and Response Services to Its Data Security Solutions]( [OneLogin Automates Advanced Identity Lifecycle Management Processes]( [ESET Research Uncovers Latest BladeHawk Campaign: Android Espionage Against Kurds]( [Kaspersky Announces Smart Home Security]( [Bluefin Receives US Patent on Systems for Vaultless Tokenization and Encryption]( [Fullstack Academy and Security Advisor Alliance Partner to Advance Nationwide Cybersecurity Education and Entry-Level Talent]( [SynSaber Announces Palm-Sized Operational Threat Sensor]( [MORE PRODUCTS & RELEASES]( Dark Reading Weekly -- Published By [Dark Reading]( Informa Tech 303 Second St., Suite 900 South Tower, San Francisco, CA 94107 To update your profile, change your e-mail address, or unsubscribe, [click here.]( To opt-out of any future Dark Reading Weekly Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:customerservice_informationhub@techweb.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2021]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:customerservice_informationhub@techweb.com)